Skip to content

Ivido Usecase PEP Interaction Demo

%%{init: {'theme': 'default' } }%%
sequenceDiagram
    participant Uploader
    participant Project Leader
    participant Access Administrator
    participant Data Administrator
    participant PEP
    participant Downloader

    Note over Uploader,Downloader: Upload Sequence 
    Uploader->>Project Leader: Data upload request.
    Note over Uploader,Project Leader: Supply description on subjects and <br />data, e.g. via email.
    Project Leader->>Data Administrator: Upon approval: <br /> forward request.
    Data Administrator->>PEP: Create columns
    Data Administrator->>PEP: Create ColumnGroup
    Data Administrator->>PEP: Add columns to ColumnGroup
    Data Administrator->>PEP: Create participantsgroup
    Project Leader->>Access Administrator: Request permissions <br />for Uploader
    Access Administrator->>PEP: Grant Uploader read access to ParticipantIdentifiers
    Access Administrator->>PEP: Grant Uploader read and write access to ColumnGroup
    Access Administrator->>PEP: Grant Uploader full access to ParticipantGroup
    Access Administrator->>PEP: Create Token for Uploader
    Access Administrator->>Uploader: Supply token using PostGuard
    Uploader->>PEP: Register participants
    Uploader->>PEP: Add registered participants to participantsgroup
    Uploader-->PEP: Store data in PEP
    Note over Uploader,Downloader: Download Sequence<br />(the download request may also be the<br />initiator of the upload request/sequence)
    Downloader->>Project Leader: Request download access
    Project Leader->>Access Administrator: Upon approval:<br />forward request
    Access Administrator->>PEP: Grant Downloader access to ParticipantGroup
    Access Administrator->>PEP: Grant Downloader read access to ColumnGroup
    Access Administrator->>PEP: Create Token for Downloader
    Access Administrator->>Downloader: Supply token using PostGuard
    Downloader-->PEP: Perform download of <br />shared data

Scenario's:

  • An Uploader (Ivido_Upload) has ECG data that needs to be uploaded to pep. It will be stored in a column named ECGMeasurement. Later on, blood value data will be stored in another column (BloodValues).
  • A Downloader would like to download the ECG data.

Actors:

  • Project Leader
  • Data Administrator
  • Access Administrator
  • Uploader (Ivido_Upload)
  • Downloader (Onderzoeksinstituut_A)

Upload Scenario

  • Uploader puts in a request with the Project Leader to upload the data and provides the following information:
    • Names of the columns
    • Names of the columngroups
    • Names of the participantgroups
    • Number of participants in each participantgroup
    • Name of their usergroup (uploader group)
  • In our example:
Hallo Project Leider,

Voor de demo studie heb ik data van 3 participanten in de nog niet bestaande 
participantgroep "DemoStudyParticipants" in de kolommen 
"ECGMeasurement" en "BloodValues". Deze twee kolommen mogen 
worden samengevoegd in een kolomgroep "DemoStudyFields". De data 
zou ik graag vanuit de usergroep "Ivido_Uploader" kunnen uploaden. 

Bij voorbaat dank,

Met vriendelijke groet,

Ivido Data uploader

Data Administrator

Upon approval, the Project Leader asks the Data Administrator to create the required column(s), columngroup(s), and participantgroup(s). Access can only be granted to columngroups. Therefore, if access has to be granted to a single column, that single column has to be added to a columngroup on its own.

Create the columngroup

pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama columnGroup create DemoStudyFields

Create the first columngroup and add it to the columngroup

pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama column create ECGMeasurement
pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama column addTo ECGMeasurement DemoStudyFields

Create the second columngroup and add it to the columngroup

pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama column create BloodValues
pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama column addTo BloodValues DemoStudyFields

Create the participantgroup

pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama group create DemoStudyParticipants

Register the particpants and add them to the participantgroups

At the moment, no practical API exists for this process.

pepcli --oauth-token [PathToToken]/DataAdministratorToken.json register id
pepcli --oauth-token [PathToToken]/DataAdministratorToken.json ama group addTo DemoStudyParticipants [ID_printed_by_previous_command]

Access Administrator

The Project Leader asks the Access Administrator to grant access to the column- and participantgroups and to create a token for the usergroup.

Read rights to the ParticipantIdentifier columngroup

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama cgar create ParticipantIdentifier Ivido_Upload read

Read and write rights to the data columngroup

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama cgar create DemoStudyFields Ivido_Upload read
pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama cgar create DemoStudyFields Ivido_Upload write

Access and enumerate rights to the participantgroups to gain access to the speficied participants

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama pgar create DemoStudyParticipants Ivido_Upload access
pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama pgar create DemoStudyParticipants Ivido_Upload enumerate

Create token

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json asa token request --json "Jan Jansen" "Ivido_Upload" --expiration-yyyymmdd 20230825 > [PathToToken]/UploadToken.json

The Access Administrator gives the token to the Uploader and notifies them uploading can start.

Uploader

The Uploader can now start the upload

Retrieving the ParticpantIdentifiers

pepcli --oauth-token [PathToToken]/UploadToken.json list -P DemoStudyParticipants -C ParticipantIdentifier

Actual upload

pepcli --oauth-token [PathToToken]/UploadToken.json store -c ECGMeasurement -p [ParticpantIdentifier] -d "Met deze flag kan je direct data uploaden."
pepcli --oauth-token [PathToToken]/UploadToken.json store -c ECGMeasurement -p [ParticpantIdentifier] -i [PathToDataFile]

Success! The data is now stored.

Download Scenario

Downloader Onderzoeksinstituut_A puts in a request with the Project Leader to download the data. Upon approval, the Project Leader asks the Access Administrator to grant access to the column- and participantgroups and to create a token for the Downloader's usergroup.

Access Administrator

Access and enumerate rights to the participantgroups

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama pgar create DemoStudyParticipants Onderzoeksinstituut_A access
pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama pgar create DemoStudyParticipants Onderzoeksinstituut_A enumerate

Read rights to the columngroup

pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json ama cgar create DemoStudyFields Onderzoeksinstituut_A read

Create token

`pepcli --oauth-token [PathToToken]/AccessAdministratorToken.json asa token request --json "Karel de Korte" "Onderzoeksinstituut_A" --expiration-yyyymmdd 20230825 > [PathToToken]/DownloadToken.json

The Access Administrator gives the token to the Uploader and notifies them downloading can start.

Downloader

The Downloader now is able to start the download. They can specify which columns, columngroups, participants, and participantgroups they wish to retrieve, or add the flag --all-accesssible to download all to which they have access.

Actual download

pepcli --oauth-token [PathToToken]/DownloadToken.json pull -P DemoStudyParticipants -C DemoStudyFields

or

pepcli --oauth-token [PathToToken]/DownloadToken.json pull --all-accessible

The data will be downloaded to a directory in the cwd, on default named pulled-data.

The Downloader now has the data using different ParticpantIdentifiers and can use the data however they wish.